Tag Archive for: parties

Russian Hackers Use ‘WINELOADER’ Malware to Target German Political Parties


Mar 23, 2024 | Newsroom | Cyber Espionage / Cyber Warfare


The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed as the handiwork of a hacking group with links to Russia’s Foreign Intelligence Service (SVR), which was responsible for breaching SolarWinds and Microsoft.

The findings come from Mandiant, which said Midnight Blizzard (aka APT29, BlueBravo, or Cozy Bear) used the malware to target German political parties with phishing emails bearing a logo from the Christian Democratic Union (CDU) around February 26, 2024.

“This is the first time we have seen this APT29 cluster target political parties, indicating a possible area of emerging operational focus beyond the typical targeting of diplomatic missions,” researchers Luke Jenkins and Dan Black said.


WINELOADER was first disclosed by Zscaler ThreatLabz last month as part of a cyber espionage campaign that’s believed to have been ongoing since at least July 2023. It attributed the activity to a cluster dubbed SPIKEDWINE.

Attack chains leverage phishing emails with German-language lure content that purports to be an invite for a dinner reception to trick recipients into clicking on a phony link and downloading a rogue HTML Application (HTA) file, a first-stage dropper called ROOTSAW (aka EnvyScout) that acts as a conduit to deliver WINELOADER from a remote server.

“The German-language lure document contains a phishing link directing victims to a malicious ZIP file containing a ROOTSAW dropper hosted on an actor-controlled compromised website,” the researchers said. “ROOTSAW delivered a second-stage CDU-themed lure document and a next stage WINELOADER payload.”

WINELOADER, invoked via a technique called DLL side-loading using the legitimate sqldumper.exe, comes equipped with abilities to contact an actor-controlled server and fetch additional modules for execution on the compromised hosts.

It’s said to share similarities with known APT29 malware families like BURNTBATTER, MUSKYBEAT, and BEATDROP, suggesting the work of a common developer.

WINELOADER, per the Google Cloud subsidiary, has also been employed in an operation targeting diplomatic…


Practise good cyber hygiene habits to thwart hackers, scammers and other malicious parties


In 2013, World Password Day was introduced by Intel to raise awareness on the role strong passwords play in safeguarding our digital lives.

The event, which falls on every first Thursday in May, invites users to evaluate their own security measures and take the necessary steps to protect their accounts.

Simply using longer passwords made up of unique characters is no longer sufficient; users are now advised to turn on multi-factor authentication for better protection.

Experts also urge users not to recycle passwords, since they may have been inadvertently exposed in data breaches, and to use other security measures such as biometric authentication via fingerprints or facial recognition wherever possible.

Here are some recent cybersecurity incidents involving bad password habits to convince you to make the change.

As easy as 123

First reported in 2020, the SolarWinds hack has been described as one of the most devastating security breaches in US history.

According to a Reuters report, hackers breached SolarWinds’ software and could have gained access to an estimated 18,000 companies and multiple US government agencies that used its products. These included emails at the US Treasury, Justice and Commerce departments, among others. A subsequent investigative report published by the company claimed that fewer than 100 customers were actually affected by the hack.

Investigations into the cause of the hack led to the initial discovery that SolarWinds had suffered a lapse in password security back in 2019, when an intern allegedly posted the password “solarwinds123” to their private GitHub account.

The researcher who found the leaked password, Vinoth Kumar, told CNN that the password had been accessible online since 2018 and that by using the password, he was able to log in and deposit files onto the company’s server.

He warned that any hacker could upload malicious programs to SolarWinds using the tactic.

SolarWinds CEO Sudhakar Ramakrishna later admitted that the password had been in use from as far back as 2017 and that he had taken measures to fix the issue.

The…


Exclusive: Australia concluded China was behind hack on parliament, political parties – sources – Reuters


SYDNEY (Reuters) – Australian intelligence determined China was responsible for a cyber-attack on its national parliament and three largest political parties …
